Malware Attack through Fake YouTube Video

Internet users are being warned about the latest disguise being used by malware authors in their attempt to infect people’s PCs. The fraudulent email shown below pretends to be from YouTube and carries the subject line “Your video on the TOP of YouTube”.

When the user clicks the link in the email, the fraudulent page shown below opens.

Interestingly, the page shows a video buffering in the background and says the video will be displayed shortly.
At that moment, however, the attacker asks the user to download and install a Flash Player file.

Unsuspecting Internet users may be tricked by such attacks because the malicious download is named ‘Flash_Player.exe’ and even displays the same icon as the original file. This file belongs to the Trojan family; upon execution it does not install any player but instead infects the computer with Backdoor.Cycbot.G and Trojan.Fareit.C.

Backdoor.Cycbot.G allows attackers unauthorized access to and control of an infected computer. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from attackers.
Commands can instruct the trojan to spread to other computers by scanning for network shares with weak passwords, exploiting Windows vulnerabilities or possibly spreading through backdoor ports opened by other families of malicious software. The trojan may also allow attackers to perform other backdoor functions such as launching denial of service (DoS) attacks and retrieving system information from infected computers.

It also captures additional information regarding the infected computer, including:
FTP credentials
Host details
Port number used by FTP program

Trojan.Fareit.C then sends the captured information to a remote attacker. Such attacks can be used by hackers to steal personal information, spam out malware and junk e-mail or launch distributed denial of service attacks against innocent users.
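
One way to spot the IRC check-in described above for Backdoor.Cycbot.G from the network side, as an added example that is not part of the original article: the code flags any outbound flow whose client bytes contain an IRC registration (NICK and USER, per RFC 1459) on any port, and lists the channels joined. The flow records, addresses and channel name are constructed, and the function names are hypothetical.

```python
import re

# Optional ":prefix ", then a command word, then optional arguments (RFC 1459).
_LINE = re.compile(rb"^(?::\S+ )?([A-Za-z]+)(?: (.*))?$")

def irc_activity(payload):
    """Return (is_irc_client, channels) for the client-to-server bytes of one flow."""
    seen, channels = set(), []
    for raw in payload.split(b"\n"):
        m = _LINE.match(raw.rstrip(b"\r"))
        if not m:
            continue
        cmd, args = m.group(1).upper(), m.group(2) or b""
        seen.add(cmd)
        if cmd == b"JOIN":
            # JOIN carries a comma-separated channel list, then optional keys.
            for chan in args.split(b" ")[0].split(b","):
                if chan[:1] in (b"#", b"&"):
                    channels.append(chan.decode("ascii", "replace"))
    # A client must send both NICK and USER to register; FTP also has USER,
    # so requiring the pair avoids flagging FTP logins.
    return {b"NICK", b"USER"} <= seen, channels

def flag_flows(flows, allowed_sources=frozenset()):
    """Return (src, dst, dport, channels) for each flow that registers as an IRC client."""
    alerts = []
    for f in flows:
        if f["src"] in allowed_sources:
            continue
        is_irc, channels = irc_activity(f["payload"])
        if is_irc:
            alerts.append((f["src"], f["dst"], f["dport"], channels))
    return alerts

# Constructed sample flows (addresses, ports and channel name are made up).
SAMPLE_FLOWS = [
    {"src": "10.0.0.23", "dst": "198.51.100.7", "dport": 8080,
     "payload": b"NICK pc-4471\r\nUSER pc-4471 0 * :pc\r\nJOIN #cmd key1\r\n"},
    {"src": "10.0.0.23", "dst": "192.0.2.10", "dport": 21,
     "payload": b"USER backup\r\nPASS example\r\n"},
    {"src": "10.0.0.40", "dst": "192.0.2.80", "dport": 80,
     "payload": b"GET /watch HTTP/1.1\r\nHost: video.example\r\n\r\n"},
]

if __name__ == "__main__":
    for alert in flag_flows(SAMPLE_FLOWS):
        print("IRC registration from workstation:", alert)
```

Matching on the registration commands rather than on a port number catches check-ins to IRC servers listening on non-standard ports; hosts that legitimately run IRC clients can be passed in `allowed_sources`.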

Quick Heal successfully tackles the entire attack, blocks the fraudulent URL, detects and deletes all the malicious files in this attack and thus protects its users from such threats.